Free Malware Removal Forum


JustinW,
You do not have Windows Service Pack 2 installed on your machine, nor do you have Automatic Updates running.
Can you tell me why that is?
This situation allows many vulnerabilities that can be exploited by Trojans and Worms.
-----------------------------------------------------------
Disable SpywareGuard
- Right-click the running icon of SpywareGuard to open the program.
- Then go to Menu, File, Exit.
- Confirm the program is closed.
(Reverse this process after your malware removal is complete).
- Reboot your machine for the changes to take effect.
-----------------------------------------------------------
You have two antivirus programs on your PC at the same time.
Choose to keep either the Alwil (Avast) or McAfee Antivirus, and uninstall the other, using Start, Control Panel, Add/Remove Programs.
Also uninstall Daemon Tools using Add/Remove Programs.
-----------------------------------------------------------
This is not officially supported by Microsoft, but is safer than Daemon Tools:
http://download.microsoft.com/download/ ... nel_21.exe
-----------------------------------------------------------
Run Your AVG Anti-Spyware:

Click the Update icon at the top and under Manual Update click the Start update button.

The program will either update or inform you that no update was available.

It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).

Please set up the program as follows:

Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.

Click the Update icon and untick the automatic update option.

Click on Scanner on the toolbar.

Click on the Settings tab.

Under How to act? - make sure that Quarantine is selected.

Under How to scan? - All checkboxes should be ticked.

Under Possibly unwanted software - All checkboxes should be ticked.

Under Reports - Select Do not automatically generate reports.

Under What to scan? - Select Scan every file.

Close all open windows.

Click on Scanner on the toolbar.

Click on Complete System Scan to start the scan process.

Let the program scan your computer.

When the scan has finished, follow the instructions below:

Make sure that Set all elements to: shows Quarantine

Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)

When the program has finished, it will display the message All actions have been applied.

Then click the Save Scan Report button.

Click the Save Report as button.

Save the report to your Desktop. We will need it for your next reply.

Right-click the AVG Tray Icon and select Exit.

-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
Also include in your reply the report from AVG Anti-Spyware and your answer about Service Pack 2.
askey127

If you use Opera browser,
Click Opera at the top and choose Select All
Click on Empty Selected
NOTE: If you would like to keep any saved passwords, please click No at the prompt.
Click Exit to close.
-----------------------------------------------------------
Stop Processes Prior to Deletion
Close ALL open windows. Use Ctrl-Alt-Delete together to bring up the task manager.
Under the processes tab, if it is visible, check the box 'Show processes from all users'. Highlight this entry and "End Process":
daemon.exe
-----------------------------------------------------------
Remove log items with HijackThis.
Start HijackThis. Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight the folder if found, and press Delete.
C:\Program Files\DAEMON Tools\
In the case of a folder removal, you may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scanner from Kaspersky.

Click on "Kaspersky Online Scanner"

A new smaller window will pop up. Press on "Accept" after reading the contents.

Now Kaspersky will update the anti-virus database. Let it run.

Click on "Next" > "Scan Settings", make sure the database is set to "extended", and check both the scan options. Then click OK.

Then click on "My Computer", and the scan will start.

Once finished, save the log to your Desktop as filename KAV.txt

-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log in a reply along with the contents of KAV.txt

You may want to print this out, or save it as a Notepad document on your Desktop, since you won't have Internet access in Safe Mode.
-----------------------------------------------------------
Download Blacklight Beta from here:
https://europe.f-secure.com/exclude/blacklight/fsbl.exe
* Download fsbl.exe and save it to the C:\
* Once saved... double click blbeta.exe to install the program.
Go to Start-->Run, copy in the following text and press Enter:
C:\fsbl.exe /expert
(note space between fsbl.exe and /expert)

Accept the agreement, leave [X]scan through Windows Explorer checked.
Click > scan, Then > next
You'll see a list of all items found.
Don't choose Rename if something was found!
There will also be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.
-----------------------------------------------------------
Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list. In some systems, this may be the F5 key, so try that if F8 doesn't work. Additional Info is here: http://www.computerhope.com/issues/chsafe.htm
-----------------------------------------------------------
File Deletion.
In Windows Explorer (My Computer), navigate to the files shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.

C:\Documents and Settings\Justin W\Desktop\Tabs\setup_ares.exe <== Delete this whether it is a folder or a file
C:\Program Files\Tracker\GolfRegister.exe

If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Reboot your Machine in Normal Mode.
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply, along with the contents of your Blacklight Log.

Are you signed in on a limited account?
Go to Start, Control Panel or Start, Settings, Control Panel and scroll down to User Accounts. Double click it and find your User name.
Does your Username say Computer Administrator? or Limited Account?
